MS05-047.c
Submitted: 2005-10-22
Submitted by: GunKing
Tool category: attack program
Platform: Windows
Tool size: 13218 Bytes
File MD5: cc6aa664d07dbebb77528bc7cee29922
Tool source: FrSIRT/ADV-2005-2044

Microsoft Windows Plug and Play Remote Code Execution (MS05-047)

A vulnerability has been identified in Microsoft Windows, which may be exploited by attackers to execute arbitrary commands or by malicious users to obtain elevated privileges. This issue is due to a buffer overflow error in the Plug and Play (PnP) service, which does not properly validate user-supplied data passed to the functions "PNP_GetDeviceList" and "PNP_GetDeviceListSize"; this could be exploited by attackers to execute arbitrary commands.

Note: On Windows 2000 and Windows XP SP1, an authenticated user could remotely exploit this vulnerability; however, in certain Windows XP configurations, anonymous users could authenticate and exploit this vulnerability as the Guest account. On Windows XP SP2, only an administrator can remotely access the affected component. Therefore, on Windows XP SP2, this issue is strictly a local privilege elevation vulnerability.

CVE-2005-2120 (under review)
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.